Post-Quantum Shift Could Force Crypto Exchanges to Rethink Wallet Security

Source: Decrypt

Published: 05:53 UTC

BTC Price: $67832

#cryptosecurity #postquantum #blockchain

Analysis

Price Impact

Low

The news discusses a potential future vulnerability in wallet security related to post-quantum cryptography. While significant, it is a long-term technical challenge that does not immediately affect current trading. Exchanges and developers are already working on solutions.

Trustworthiness

High

The information comes from research by Project Eleven, a post-quantum cryptography startup with backing from Coinbase Ventures, and is published on the IACR research archive, a reputable source for cryptography research. This suggests a credible and well-researched finding.

Price Direction

Neutral

This news is highly technical and relates to a future security concern. It is unlikely to cause immediate price fluctuations in BTC or ETH, as the solutions are still in development and adoption is years away. The market typically reacts to more immediate fundamental or macroeconomic news.

Time Effect

Long

The migration to post-quantum cryptography and the potential breakdown of current wallet generation methods is a concern for the future, likely many years down the line. The solutions discussed are also in early stages of development and implementation.

Original Article:

A widely used method that crypto exchanges rely on to generate deposit addresses while keeping private keys offline could break if blockchains migrate to post-quantum cryptography, according to new research.

Exchanges such as Coinbase and Binance currently rely on hierarchical deterministic wallets, a system standardized under Bitcoin Improvement Proposal 32, or BIP32. The design allows operators to generate fresh deposit addresses from a public key stored on a server while the private signing key remains offline in cold storage. That separation is foundational to how custodial crypto infrastructure works, enabling exchanges to create addresses on demand without exposing the keys that control customer funds.

But researchers at Project Eleven argue the architecture may not function under some post-quantum signature schemes, including ML-DSA, a digital signature standard finalized by the U.S. National Institute of Standards and Technology as part of its post-quantum cryptography program.

Project Eleven, a post-quantum cryptography startup founded in 2024 and backed by Castle Island Ventures with participation from Coinbase Ventures, is building tools to help financial and blockchain systems transition to quantum-resistant security.

“If Bitcoin adopted ML-DSA without a construction like ours, you lose non-hardened derivation,” Conor Deegan, CTO and co-founder of Project Eleven, told Decrypt. “That means any system that needs to generate fresh receiving addresses—exchanges, payment processors, custodial services—can no longer do so from a public key alone.”

Under that model, the private key would need to participate in every child-key derivation used to generate new addresses. While systems could rely on hardware security modules, secure enclaves, or air-gapped devices to perform those operations, Deegan said such approaches add complexity and operational risk.

“The clean separation that BIP32 provides today, with a public key on a hot server and private key in cold storage, goes away,” he said.

The team published its findings on the cryptography-focused IACR research archive earlier this month and released a prototype wallet designed to restore this functionality using quantum-resistant techniques. The proposed design recreates a core feature of BIP32 known as non-hardened key derivation, allowing new public keys to be generated without exposing private keys even under post-quantum cryptography. The construction operates entirely at the wallet layer, meaning blockchains themselves would only need to support the underlying signature scheme used by the wallet.

Bitcoin does not currently support ML-DSA or the alternative scheme used in the researchers’ prototype, meaning a protocol upgrade would be required before such designs could be deployed on the network. Deegan added that similar wallet constructions could already be implemented on Ethereum using account abstraction, which allows more flexible signature logic without requiring protocol-level changes.